aboutsummaryrefslogtreecommitdiffhomepage
path: root/fuzz/Fuzz.h
Commit message (Collapse)AuthorAge
* Fuzz PDF, N32, and Null CanvasesGravatar Hal Canary2017-02-27
| | | | | | | | | | run `fuzz --type pdf_canvas` or `fuzz --type null_canvas` or `fuzz --type n32_canvas` Change-Id: Id70179d5578ed1e67006aef7823bf75fc1d7a4a6 Reviewed-on: https://skia-review.googlesource.com/8418 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Hal Canary <halcanary@google.com>
* move SkTRegister.h into toolsGravatar Mike Reed2017-01-11
| | | | | | | | | BUG=skia: Change-Id: Ie7d4fac3024b361a281f456fec2b3a837e2bfe43 Reviewed-on: https://skia-review.googlesource.com/6881 Commit-Queue: Mike Reed <reed@google.com> Reviewed-by: Mike Klein <mtklein@chromium.org>
* Fix fuzzRangeGravatar Kevin Lubick2016-11-29
| | | | | | | | | | | | Make the fuzzRange not crash if min == max, just set n to be min. BUG=skia: Change-Id: I138cefbec9b408d3b35e4258d770e6b396af0e5f Reviewed-on: https://skia-review.googlesource.com/5305 Reviewed-by: Mike Klein <mtklein@chromium.org> Commit-Queue: Kevin Lubick <kjlubick@google.com>
* Add back in min/max check on fuzzer rangeGravatar Kevin Lubick2016-11-16
| | | | | | | | | | | BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4798 Change-Id: Ia93b4eeea82dd04f0c6bd287f61d26086a0aa740 Reviewed-on: https://skia-review.googlesource.com/4798 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Kevin Lubick <kjlubick@google.com>
* Properly handle INT_MIN and relatedGravatar Kevin Lubick2016-11-14
| | | | | | | | | | | BUG=skia:5967 GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4751 Change-Id: Ie846560ebdaf11e1a5247842b3549ade1e100af2 Reviewed-on: https://skia-review.googlesource.com/4751 Reviewed-by: Kevin Lubick <kjlubick@google.com> Commit-Queue: Kevin Lubick <kjlubick@google.com>
* Avoid platform-dependent function params in FuzzerGravatar Kevin Lubick2016-11-10
| | | | | | | | | | | | | | | | | | | We use this approach instead of T next() because different compilers evaluate function parameters in different orders. If fuzz->next() returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang. By requiring params to be passed in, we avoid the temptation to call next() in a way that does not consume fuzzed bytes in a single platform-independent order. BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4392 Change-Id: I35de849f82e8be45378f662a48100eb732fa8895 Reviewed-on: https://skia-review.googlesource.com/4392 Reviewed-by: Mike Klein <mtklein@chromium.org> Commit-Queue: Kevin Lubick <kjlubick@google.com>
* Make fuzzers use cleaner interfaceGravatar Kevin Lubick2016-11-01
| | | | | | | | | | | | | | | signalBoring() no longer exists. When the fuzzer runs out of randomness, it just returns 0. Fuzzers should not go into infinite loops if this happens. do while loops are particularly error-prone. BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3963 Change-Id: Iebcfc14cc6b0a19c5dd015cd39875c81fa44003e Reviewed-on: https://skia-review.googlesource.com/3963 Commit-Queue: Kevin Lubick <kjlubick@google.com> Reviewed-by: Mike Klein <mtklein@chromium.org>
* Fix memory leak in FuzzGradientsGravatar kjlubick2016-10-25
| | | | | | | BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2446643003 Review-Url: https://codereview.chromium.org/2446643003
* Fix fuzzer's bools to be 0 or 1 onlyGravatar kjlubick2016-10-24
| | | | | | | BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2447823002 Review-Url: https://codereview.chromium.org/2447823002
* change SkStreams to work with sk_sp<SkData> instead of SkData*Gravatar reed2016-09-12
| | | | | | | BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2333713002 Review-Url: https://codereview.chromium.org/2333713002
* Convert SkAutoTUnref<SkData> to sk_sp<SkData>.Gravatar bungeman2016-08-03
| | | | | | | | | With the move from SkData::NewXXX to SkData::MakeXXX most SkAutoTUnref<SkData> were changed to sk_sp<SkData>. However, there are still a few SkAutoTUnref<SkData> around, so clean them up. Review-Url: https://codereview.chromium.org/2212493002
* Port FuzzPathop from chromiumGravatar kjlubick2016-07-19
| | | | | | | BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2148023002 Review-Url: https://codereview.chromium.org/2148023002
* Do an in-place replacement of SkRandom with Fuzz for FilterFuzzGravatar kjlubick2016-04-05
| | | | | | | | | | This feels rather clunky, because we aren't using the full potential of the fuzzer, but it works, it seems. BUG=skia:4969 GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1710183002 Review URL: https://codereview.chromium.org/1710183002
* Create ParsePath API fuzzGravatar kjlubick2016-02-18
| | | | | | | | | This is based on https://codereview.chromium.org/1675053002 BUG=skia:4438 GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1702383003 Review URL: https://codereview.chromium.org/1702383003
* fuzz: signalBug() / signalBoring()Gravatar mtklein2016-01-15
| | | | | | | | | | | | | | | Instead of a single ASSERT macro, this switches to two new methods: - signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing) - signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully) I'm not seeing any effect on fuzz/s when I just always log verbosely. signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily. BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002 Review URL: https://codereview.chromium.org/1585353002
* some fuzz hackingGravatar mtklein2016-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | Try to start faster: - remove flags dependency - print nothing - strip unused symbols from the binary on Mac (smaller binary) - only create one fuzz object - only run one DEF_FUZZ I am not sure if any of these things mattered, but I thought you may like to look. Good stuff: - make nextU() / nextF() work - drop nextURange() / nextFRange() for now - add nextB() for a single byte As you may have guessed, I have figured out how to use afl-fuzz on my laptop. Syntax to run becomes: $ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@ BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003 Review URL: https://codereview.chromium.org/1581203003
* Add new fuzz binary.Gravatar mtklein2016-01-13
This is designed to have short startup time, for maximum fuzzing throughput. BUG=skia: GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589563002 Review URL: https://codereview.chromium.org/1589563002